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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address « 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )E3 Responsive to communication(s) filed on 2/7/2005 Amendment/RCE . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) |EI Claim(s) 1-20.22-24,26 and 29-44 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) 03 Claim(s) 1-20.22-24.26 and 29-44 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1. D Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 

form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1-20, 22-24, 26, and 29-44 are rejected under 35 U.S.C. 102(e) as being 
unpatentable over Yavatkar et al. (U.S. 6,735,702). 

Yavatkar et al. method and apparatus for propagating filters to an upstream device 
comprising: 

•generating and installing a filter at a first network device; (Nodes 30, 36, 44, 46, 48, 50 
and 54) 

•sending information on said filter to a second network device located upstream from 
said first network device; (48) 

•requesting said second network device to install a filter so that data is filtered closer to 
a source of said data; (col. 7, line 42-45; "Node 48 is a gateway, providing network 4 
access to other networks, such as the Internet, and acting as a firewall. Link 84 
transmits data between node 48 and other networks.") 

•sending routing information from said first network device to said second network 
device so that the filter installed on said second network device filters traffic forwarded 
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to said first network device without filtering traffic to other downstream nodes; ( col. 7, 
lines 28-col. 8, line 10, "Node 48 is a gateway, providing network 4 access to other 
networks, such as the Internet, and acting as a firewall. Link 84 transmits data between 
node 48 and other networks. Nodes 30, 44, 46 and 48 are routers, accepting traffic and 
routing the traffic to destinations, or to other nodes which then forward the traffic to 
destinations. Nodes 32, 34, 38, 40, 42, 50, 52, 54, and 56 are PCs, supporting 
applications and providing functionality to users, such as word processing functionality. 
Node 36 is a file server, storing files and allowing other nodes access to the files; node 
36 has some routing capability. Nodes 30 and 44 support management console 
applications. Management console application 9, supported by node 30, is depicted in 
FIG. 1 ; for the sake of clarity the management console application on node 44 is not 
depicted. While nodes having certain definitions and functions are depicted, the nodes 
of network 4 may be any devices, for example, workstations.") 
•analyzing new data received from said second network device at said first network 
device and sending filter information to said second network device based on the 
analyzed data so that said second network device can refine the filter installed thereon, 
(col. 15, lines 17-col.16, line 45) 

•wherein generating a filter at a first network device comprises automatically generating 
said filter based on network flow entering the device, (col. 15, line 18-col.16, line 45) 
•receiving information based on monitored network flow and removing said filter from 
the first network device when the network flow requiring said filter is no longer present, 
(col. 15, line 18-col.16, line 45) 
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•refining said filter at said first network device based on said monitored network flow, 
(col. 16, line 50-col.17, line 30) 

•requesting the upstream network device to refine said filter, (col. 16, line 50-col.17, line 
30) 

•wherein generating a filter comprises detecting potentially harmful network flows and 
generating a filter to prevent packets corresponding to said detected potentially harmful 
network flows from passing through said second network device, (col. 15, line 18-col.16, 
line 45) 

•wherein generating filters further comprises classifying network flow based on a source 
device sending a packet. 

•wherein the network flow is classified based on an address of the source device, 
•wherein generating filters comprises analyzing network flow entering said first network 
device. 

•wherein analyzing said network flow is performed by software, ("watchdog agent, 
bloodhound agents) 

•selecting a class of network flows to analyze based on previously analyzed network 
flows, (col. 15, line 18-col.16, line 45) 

•wherein receiving filter information comprises using a filter propagation protocol, 
(col. 15, line 18-col.16, line 45) and 

•wherein the filter propagation protocol is operable to create, remove, or modify existing 
filters, (col. 15, line 18-col.16, line 45) 
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Response to Arguments 



3. Applicant's arguments with respect to claims 1-20, 22-24, 26, and 29-44 have 
been considered but are moot in view of the new ground(s) of rejection. 

4. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey C. Pwu whose telephone number is 571-272- 



If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David Wiley can be reached on 571-272-3923. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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PRIMARY EXAMINER 



